TW201138494A - Protection against unsolicited communication - Google Patents

Info

Publication number
TW201138494A
Authority
TW
Taiwan
Prior art keywords
network
communication
transmitting device
sender
receiving
Application number
TW099136134A
Other languages
Chinese (zh)
Inventor
Louis J Guccione
Inhyok Cha
Andreas Schmidt
Andreas Leicher
David G Greiner
Dolores F Howry
Original Assignee
Interdigital Patent Holdings
Application filed by Interdigital Patent Holdings

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/33 User authentication using certificates
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/36 User authentication by graphic or iconic representation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00 User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/21 Monitoring or handling of messages
    • H04L51/212 Monitoring or handling of messages using filtering or selective blocking
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/145 Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/069 Authentication using certificates or pre-shared keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00 Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/10 Architectures or entities
    • H04L65/1016 IP multimedia subsystem [IMS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Telephonic Communication Services (AREA)

Abstract

Methods and apparatus are disclosed to provide protection against Unsolicited Communication (UC) in a network, such as, without limitation, an Internet Protocol (IP) Multimedia Subsystem (IMS). A communication may originate from a sending device and may be intended for delivery to a receiving device. A network may determine authentication information associated with the sending device. The network may send the authentication information to a receiving entity to evaluate if the communication is unsolicited using the authentication information. If the communication is determined to be acceptable, a connection associated with the communication may be allowed.

Description

VI. Description of the Invention

[Technical Field]

[0001] This application is based on and claims priority to U.S. Provisional Patent Application No. 61/254,610, filed October 23, 2009, the entire contents of which are incorporated herein by reference.

[Prior Art]

[0002] The Internet Protocol (IP) Multimedia Subsystem (IMS) may be used to deliver multimedia services to wireless transmit/receive units (WTRUs). Unsolicited communication (UC) includes communication that the recipient does not want to receive. UC may include spam over IP telephony (SPIT) or spam over IP messaging (SPIM). UC may originate from a source within the IMS network, or from a source outside the IMS network.

Current UC protection measures may be problematic. For example, where a network operator manages UC contractually, obtaining a new sender identity may be inexpensive. The use of IMS may lead operators to assume more liability and to invest more capital. Denial of service (DoS) protection for domains of time-critical communication may not be cost-effective. Adaptive or randomized behavior may closely mimic legitimate patterns, and managing DoS protection measures may also become expensive. Existing DoS mitigation methods are network-centric, whereas UC, SPIT and SPIM are receiver-centric. For example, an attacker can cause harm to a recipient without logging on to the network. For a network provider, protecting customers from SPIT may be difficult. Restricting communication on the basis of automated inference by network entities, without regard to the recipient, may raise regulatory and legal challenges.

Other UC attacks may be directed at the WTRU. Because of the interplay among various platforms and systems, the large number of reference values for trusted integrity attestation may make WTRU-based attacks difficult to defend against. UC protection measures such as a consent mailbox (CMB) may be abused by SPITters who place their spam on the CMB. For example, a SPITter may request to be added as a contact where the request message itself is spam, or may add the user of a target WTRU as a contact and send spam in the welcome message.

[Summary of the Invention]

[0003] Systems and methods are disclosed for providing protection against unsolicited communication (UC) in a network, such as, without limitation, an Internet Protocol (IP) Multimedia Subsystem (IMS). In the case of IMS, the protection may be referred to as protection against unsolicited communication (UC) in the Internet Protocol (IP) Multimedia Subsystem (IMS) ("PUCI").

A network may receive a communication. The communication may originate from a sending device (e.g., a first WTRU) and may be intended for delivery to a receiving device (e.g., a second WTRU). The network may be a sending network associated with the sending device, a third-party network, or a receiving network associated with the receiving device. The network may determine authentication information associated with the sending device. The authentication information may include a strong sender identity or state information associated with the sending device. The strong sender identity cannot be manipulated by the sender of the communication. The strong sender identity may be a network asserted identity. The state information may relate to the health state of the sending device, for example the status of anti-virus software on the sending device or the presence of malware. The authentication information may be sent to a receiving entity, such as a third-party network, the receiving network, or the receiving device. The receiving entity may evaluate the authentication information to determine whether the communication is unsolicited. The receiving entity may remove malware from the sending device.

A receiving entity, such as a third-party network, the receiving network, or the receiving device, may receive the communication from the sending device. The receiving entity may perform a test to determine whether the communication is unsolicited. The test may include a challenge/response test or an identity check. For example, the challenge/response test may include a Turing test or a question/answer exchange that can identify specific characteristics of the sending entity. The identity check may include a status/health check of the sending entity (e.g., the sending device or the sending network), an address check, or a comparison of an identifier associated with the sending device with one or more lists (e.g., a whitelist, a blacklist, etc.). The test may include determining the authentication strength, the presence of certified hardware on the sending device, the presence of certified software on the sending device, or the liability associated with the claimed sender identity. Either or both of evaluating the authentication information and performing the test may be carried out. In addition, one or more entities may perform multiple evaluations or tests. The test may be performed by an internal application server or by a third-party application server.

When the communication is determined to be unsolicited, the receiving entity may reject the connection associated with the communication. When the communication is determined to be acceptable (e.g., it is not determined to be unsolicited), the receiving entity may allow the connection associated with the communication. For example, a call from the first WTRU to the second WTRU may be allowed. Rejecting or allowing the connection may be performed by the receiving network or by the receiving device.

The following detailed description and the drawings provide other features of the systems, methods and means described herein.

[Embodiments]

[0004] FIG. 1 relates to exemplary embodiments in which the disclosed systems, methods and means may be implemented. However, although the invention is described in connection with these exemplary embodiments, it is not limited to them. It should be understood that other embodiments may be used, or that the described embodiments may be modified or added to, in order to perform the same function of the invention without departing from it. In addition, the figures may illustrate call flows that are meant to be exemplary. It should be understood that other embodiments may be used. Where applicable, the order of the flows may be changed. Flows may also be omitted if not needed, and additional flows may be added.

Hereinafter, the term "wireless transmit/receive unit (WTRU)" may include, but is not limited to, a user equipment (UE), a mobile station (MS), a mobile equipment (ME), an advanced mobile station (AMS), a fixed or mobile subscriber unit, a pager, a mobile phone, a personal digital assistant (PDA), a computer, a tablet, a smartphone, a game console or portable gaming device, or any other type of user device capable of operating in a wireless environment.

Hereinafter, the term "base station" may include, but is not limited to, a Node-B, an advanced base station (ABS), a site controller, a gateway, a home (e)Node-B, an access point (AP), or any other type of peripheral device capable of operating in a wireless environment. The terms "WTRU" and "base station" are not mutually exclusive.

Hereinafter, the terms "trust", "trusted" and "trustworthy", and their variations, may denote a quantifiable and observable way of assessing whether a unit will function in a particular manner. Hereinafter, the term "trusted domain (TD)" and its variations may include, but are not limited to, a domain. Hereinafter, the term "trusted module (TrM)" includes, but is not limited to, a fully secure execution and storage environment for a WTRU platform.

Here, the term "authentication information" may refer to information relating to the state/health of a device, the state/health of a network element, the identity of the sender or sending device (e.g., a strong sender identity), the identity of a sending network element, or hardware identification features (e.g., a silicon ID, a chip ID, etc.).

FIG. 1 is a block diagram of an exemplary wireless transmit/receive unit (WTRU) 100 for use with the disclosed systems, methods and means. In addition to the components found in a typical WTRU, the WTRU 100 may include one or more of the following: a processor 110, a memory 112 linked to the processor, a transceiver 114, a battery 116, and an antenna 118. The processor 110 may be configured to perform a method of protection against unsolicited communication. The transceiver 114 may communicate with the processor 110 and the antenna 118 to facilitate the transmission and reception of wireless communication. Where the battery 116 is used in the WTRU 100, it may power the transceiver 114 and the processor 110. The WTRU 100 may also include a trusted module (TrM) 120.

Protection against unsolicited communication (UC) may include the use of a strong sender identity, for example a sender identity that cannot be manipulated by the sender, such as a Network Asserted Identity. A Network Asserted Identity may refer to a sender/caller identity that is authenticated by the originating network and is covered by the originator's assertion (e.g., a signed header field including additional caller information and the like may be added). Strong sender identities may be used to enable originator-based filtering. The trust infrastructure may be based on a combination of permission-based sending and consent-based communication (PBS/CBC). The PBS infrastructure may provide an extension of trust. A communication and its signaling path may be linked.

In the case of IMS, when UC originates from within the IMS network, the network operator may use strong sender identities to limit the capabilities of the UC sender (the SPITter). For example, the SPITter's bandwidth may be reduced after a certain volume of traffic or on the basis of a time limit. For normal IP traffic, obtaining a sender identity may be inexpensive. Signaling and communication messages may be transmitted over a single path in order to provide a strongly authenticated identity binding for the communication originating from these identities.

For UC traffic originating outside the IMS network, the trust infrastructure may translate the claimed sender identity from one trust domain into another domain, such as the receiving IMS network. A domain may provide a trusted endpoint that acts as an identity gateway to external domains. The operator of the domain may offer the identity gateway as an authentication service, which allows users to have their claimed identity authenticated and to obtain a certificate issued by the gateway, such as a network asserted identity. The operator may charge for the use of this service. Similar to payment in risk approaches, the operator may thereby deter SPITters from requesting multiple identities using multiple or fake WTRUs. The WTRU may be notified of the payment in order to reveal cases of device hijacking.

The authenticated identity may be bound directly to the WTRU, for example by means of a cryptographic protocol that allows the identity certificate to be used together with the device that legitimately holds it (e.g., the identity certificate may be restricted to use with the device that legitimately holds it). This protection mechanism based on strong identity may be independent of the underlying, domain-dependent authentication mechanism, for example the Extensible Authentication Protocol method for Universal Mobile Telecommunications System (UMTS) authentication and key agreement (EAP-AKA) or other network-specific authentication protocols.

A first WTRU (Alice), the receiving device, may specify that connections from a trusted domain are acceptable/allowed. A WTRU (Bob), the sending device, may initiate a call to Alice. Bob's gateway, that is, the sending network, may inform Bob that he can call Alice using a valid, authenticated identity. Bob may contact his gateway and perform or initiate a process in which Bob's identity is authenticated and certified by his gateway. This process may include measures to protect the integrity and confidentiality of the messages exchanged.

Using the certified identity, Bob may call Alice. Alice may use the certificate issued by the gateway to check Bob's claimed identity and may accept the call (e.g., allow the connection). The check may be performed by Alice's network (the receiving network), by a third-party network, or by Alice's WTRU (the receiving device). Alice's identity gateway (the receiving network) may check the validity and freshness of Bob's certified identity before accepting the call.

The originator of a call may present an identity (which may include an identifier) that has been certified and attested by another trusted domain operator or by a trusted third party (e.g., a third-party network). Alice or the receiving network may compare the identifier associated with the call with a list of approved identifiers (e.g., a whitelist) and/or a list of disapproved identifiers (e.g., a blacklist). That is, by testing the identifier, Alice or the receiving network may determine whether the communication is solicited or unsolicited. For example, Alice may determine that the identifier is on the whitelist or is not on the blacklist and, in response, accept the call (e.g., allow the connection). As another example, Alice may determine that the identifier is not on the whitelist or is on the blacklist and, in response, reject the call (e.g., refuse the connection). The operator may bind the identity certification process to the hardware and platform characteristics of the WTRU.

Supplementary services may be used for UC protection. For example, blacklists and whitelists may be implemented using incoming call barring, anonymous call rejection and closed user groups. Automated handling of suspected UC may be achieved by using call handling on the originating identity. The use of malicious call identification may help in addressing unlawful conduct.

Where the originator is located outside the IMS network, or where there is no sender identity verification, and even where a strong sender ID is used, UC protection may include strongly binding the sender identity to the sending device. Spoofed identities may be detected by using a test, such as a challenge/response mechanism. If a user Eve attempts to send UC to Alice using Bob's spoofed identity (that is, Eve may be the sending device), Alice's IMS network may detect this by querying Bob to determine whether Bob initiated the session. For example, if Bob is not online, the address is spoofed. If Bob genuinely proves that he initiated the call, the address of the sending device can be verified and the call can be forwarded to Alice. By linking back to the sender (Bob), direct UC that relies on a spoofed sender identity can be prevented.

UC may be identified by the subscriber or by network-based mechanisms that correlate user behavior. Identification may include flagging, which may mark a potential source of UC messages as a potential SPITter and as a candidate for a security update. After a successful security update, the former SPITter may be marked as on probation for a period of time. After the network has confirmed the clean state of the device, the device may be removed from the blacklist. These actions can, for example, be performed in a manner transparent to the user, to avoid unnecessarily involving the service desk.

A dedicated infrastructure for trust management and validation may be used, for example an infrastructure similar to that used for enhanced home Node B (H(e)NB) and machine-to-machine (M2M) networks. A combination with trusted identity management (IdM) may be used, whereby peers can build a web of trust that relays IMS messages between trusted senders and receivers.

If many users have complained about UC and the source can be identified, other subscribers may be warned when they receive incoming communication from it. User feedback reports may be leveraged to build a negative reputation system for subscriber behavior. Trust-related information may be bound to the platform or the device in order to avoid feedback-based attacks (e.g., malicious attacks). The web of communication may be built positively, rather than on negative reputation, and the web may include trust information bound to the device.

Where the originator of targeted UC is outside the IMS network, or where a trustworthy sender identity cannot be identified, a minimum security level and authenticated sender identities may be used. Protection may be provided by verifiable and reliable tracing of identities to real subscribers.

To avoid users being targeted, users of the IMS network may define policies concerning the minimum sender identity authentication strength they require for the calls they wish to receive. For example, a user may specify that the sender identity must be authenticated at a certain security level, for example by a trusted third party. The receiving user's WTRU or the receiving IMS network may obtain assurance about the protection of the identity credentials on the sender's device. Techniques such as identity claims in an interoperable format and cross-domain identity federation may be combined with policy-based protection mechanisms.

WTRUs may be hacked to create a botnet that sends UC from WTRUs with valid credentials. To counter botnets, the network may identify a hacked WTRU and add it to a blacklist of known SPITters. For removal from the blacklist, the entity that maintains the blacklist may verify that the WTRU that caused the UC had been hijacked and that the problem has been resolved. An attestation scheme that issues a token after the integrity of the device (e.g., the health state of the device) has been assessed may be used for this verification. The WTRU may be connected to a quarantine network, and the behavior of the WTRU may be monitored (e.g., by monitoring the volume of communication over a period of time).

For a WTRU identified as a possible source of UC, outgoing communication from that WTRU may be flagged as potential UC. On the basis of positive feedback, the WTRU may be removed from the blacklist. For example, the WTRU may be added to the blacklist and given a negative reputation score. On the basis of calls to users, the WTRU may improve its reputation score, which allows the reputation score to be reset.

To protect the IMS network from compromised WTRUs (e.g., WTRUs infected by a botnet), the user of the WTRU may be notified that the WTRU may be infected and is suspected of sending UC, and may be given the opportunity to remove the malware from the WTRU. As a service to the user, the operator may remove the malware with or without the user's knowledge. The operator may require evidence from the user that the problem has been resolved. Standardized software for checking and updating the WTRU may be used as evidence. The WTRU may include a secure and trusted execution environment, such as a trusted module (TrM). The TrM may attest to the trust state (trust_state) of the WTRU.

To protect the IMS network from compromised WTRUs, the sending network may notify the WTRU that the sending WTRU may be infected and is suspected of sending UC. The sending network may remove the malware from the WTRU with or without involving the user of the sending WTRU. The operator may remove the malware with or without the user's knowledge. The operator may notify the user that the problem has been resolved. Standardized software for checking and updating the WTRU may be used as evidence. The WTRU may include a secure and trusted execution environment, such as a trusted module (TrM). The TrM may attest to the trust state (trust_state) of the WTRU to the network of the sending WTRU.

As a basis for detecting a malicious WTRU before or during a session, the state of the WTRU may be verified, for example using platform validation. State information relating to the health state of the WTRU (e.g., the sending device) may be generated. For example, the WTRU may or may not contain malware, may or may not have an up-to-date anti-virus program, and so on.

Before allowing a session to be established, the network may require evidence from the WTRU that the WTRU is in a known, good state. For a WTRU built on an open platform with a large number of acceptable configurations, system state validation may include the WTRU providing validation by proving that no known malware is present on the platform, or by proving the presence and active state of expected anti-malware components, such as an up-to-date antivirus program.

To protect the IMS network from compromised network elements in the sending network domain, a part of the sending network (e.g., a part that is not compromised or cannot be compromised) may be notified that some network elements in the sending network may be compromised and are suspected of sending UC. A part of the sending network may be used to remove malware from the network elements suspected of being compromised, with or without involving the user of the sending WTRU. The operator may notify the user that the problem has been resolved. Standardized software for checking and updating network elements may be used as evidence. The sending network may include a secure and trusted network execution environment, which may attest to the receiving network the trust state (trust_state) of non-WTRU network elements, as well as of the call itself, to help the receiving network take state information about elements of the sending network into account when determining UC.

To protect against impersonation of the sender of a WTRU, UC protection may be performed across IMS and non-IMS networks using strong identity management (IdM) that includes strong authentication methods for the claimed sender identity. IdM methods such as the Generic Bootstrapping Architecture (GBA) and OpenID may be used alone or in combination to protect IMS communications against sender impersonation.

Figure 2 shows an exemplary call flow diagram of one embodiment of a method and apparatus for providing protection against UC. Figure 2 includes a sending device UE A 210 and a receiving device UE B 250. Figure 2 also shows entities that may be part of the receiving device associated with UE B 250, including a home subscriber server HSS 230 and a PUCI application server PUCI AS 240. The PUCI AS 240 may be an internal application server. The serving call session control function S-CSCF 220 may be associated with the HSS 230, for example for exchanging security information.

At R1, the policy for UE B 250 may be identified by the S-CSCF 220 during IMS registration, for example using standard Diameter messages. At R2, the HSS 230 may receive and check the policy. The HSS 230 may receive the policy in the form of a personal routing profile. The personal routing profile may include a flag indicating whether UE B 250 wants the PUCI service, and settings indicating what the S-CSCF 220 should do when it receives a marking (M). The marking may be a trust score value. For example, the sending network may collect various information related to the sender's identity (sender identity information) and create a combined scoring, for example by evaluating scores, which may allow the receiving device or network to perform an evaluation of the received information. The sender information may be stored in a secure environment (e.g., a trusted environment) of the sending device, whereby the sending device may reuse the sender information for further communication. Other devices cannot use the sender information stored in the secure environment of the sending device. The user may indicate that incoming calls with a score above a threshold may be forwarded to a number, and may indicate that incoming calls with a score above a different threshold should be dropped.

A short sequence of markings may result in a value or a numerical score. S-CSCF routing reactions may be used (e.g., routing decisions that the S-CSCF may make based on the user's settings). Device state validation measurements similar to those used in peak cell rate (PCR) may be used in the marking sequence.

At R3, the HSS 230 may send the routing information (e.g., the personal routing profile) to the S-CSCF 220. The message may include a Diameter message and may not require standardization. If there is an update, the HSS 230 may send the information to the S-CSCF 220.

At 0, the PUCI AS 240 may be initialized with global operator settings, for example a blacklist applied to users where the operator has a legal commitment to those users. An evolved equipment identity register (eEIR) may be used.

At 1, the S-CSCF 220 may receive a message (such as a SIP INVITE message) from a caller (such as UE A 210). The message may include a PUCI-related marking (M1), for example if other PUCI tests have already been performed in a network through which the message passed. At 2, the S-CSCF 220 may check whether PUCI filtering applies for UE B 250. The S-CSCF 220 may use source spoofing methods.

At 3, if the PUCI service applies for UE B 250, the S-CSCF 220 may invoke the PUCI AS 240. The S-CSCF 220 may send a message (e.g., a SIP INVITE message) to the PUCI AS 240. The message may include PUCI-related marking (M) information, for example if a marking (M1) has already been provided.

At 4, the PUCI AS 240 may check the operator global settings and may provide PUCI filtering. A challenge/response procedure (e.g., CAPTCHA) may be used. An updated marking (M2) that takes the marking (M1) into account may be received. The updated marking M2 may replace M1.

M1 may be replaced by M2 based on the use of various techniques, such as those underlying PUCI filters, e.g., content filtering, consent-based communication (CBC), computational puzzles, blacklists, whitelists, or Turing tests (e.g., CAPTCHA). These evaluations may be incorporated into the PUCI filtering process and may be used to determine the updated UC score (M2) provided to the S-CSCF 220. Additional evaluations, involving for example the caller device validation state or the sender identity authentication strength, may be included in the global settings and their corresponding checks on the PUCI AS 240. Caller device (sending device) validation state information, which represents the apparent trust level of the caller's WTRU, may include verifiable claims about the state of the caller's WTRU, for example: the absence of known malware on the caller platform; the presence and active state of up-to-date anti-malware or virus protection programs on the caller platform; and the protection strength (e.g., encryption and access control strength) of the sender credentials on the caller platform.

The caller platform or its network operator (the sending network) may provide reliable evidence that the verifiable claims are met. Such evidence may be provided through a trusted third party, or, if the sender's network is sufficiently trusted, an indicator in a message, such as in a SIP INVITE message header field, may attest to the above or other agreements. A trusted third party (e.g., a third-party entity, a third-party network, etc.) may provide infrastructure support for the scoring process by referring to common configuration profiles for which the score is already known.

The updated marking M2 may be derived from M1 and from other information obtained during the PUCI filtering process, such as CAPTCHA input or caller device validation state information. Other metrics, such as sender identity and authentication, reputation scores, or third-party information, may also play a role in the final scoring process. This may result in a single-value score for M2 and an S-CSCF routing reaction.

At 5, the value M2 may be sent to the S-CSCF 220 as part of a SIP INVITE message. At 6, the S-CSCF 220 may check the user settings and make a routing decision accordingly. As shown in Figure 2, the communication is sent to UE B 250. However, it should be clear that the call may be sent to an answering machine or forwarded elsewhere.

At 7, the S-CSCF 220 may forward the SIP INVITE together with the marking (M2) to UE B 250. UE B 250 may report the communication as UC or may change its profile in the HSS 230. At 8, this information is sent from UE B 250 to the PUCI AS 240. The report from UE B 250 may be performed using, for example, a web interface, keypad entry, the Ut interface, or by piggybacking on existing messages.

At 9, based on the message from UE B 250, the PUCI AS 240 may modify the operator global settings, the subscriber profile, or both. These modifications are related to local regulations and prior consent from the user. At 10, the PUCI AS 240 may send a Diameter Profile Update Request (PUR). The communication may be reverse routed to the caller (the user of UE A 210) or to UE A 210, and the reverse-routed call may be used to facilitate an evaluation of whether UE A 210 needs remediation to reach an acceptable device state. At 11, the HSS 230 may respond with a Diameter Profile Update Answer (PUA).
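Steps 2 through 9 of the Figure 2 flow can be sketched as follows. This is an added example, not code from the patent: the 0 to 100 score scale, the weights, the thresholds, the three-report blacklist rule, and all class and function names are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed scale: 0 (trusted) .. 100 (almost certainly UC). The page gives no scale.
# Assumed adjustment per identity-authentication method.
AUTH_ADJUST = {"IMS-AKA": -15, "SIP digest with TLS": -10, "SIP digest": -5, "unknown": 10}
COMPLAINTS_TO_BLACKLIST = 3  # assumed number of UC reports before blacklisting


@dataclass
class Invite:
    """Constructed stand-in for the INVITE fields that the scoring uses."""
    caller: str
    m1: Optional[int] = None               # marking from an earlier PUCI test, if any
    anonymous: bool = False
    captcha_passed: Optional[bool] = None  # None: no challenge/response was run
    device_state_validated: bool = False   # verifiable device-state evidence present
    identity_auth: str = "unknown"


@dataclass
class RoutingProfile:
    """Personal routing profile the HSS hands to the S-CSCF (R1 to R3)."""
    puci_enabled: bool = True
    forward_threshold: int = 50            # at or above: divert, e.g. to a mailbox
    drop_threshold: int = 80               # at or above: drop the call
    forward_target: str = "voicemail"


class PuciAS:
    def __init__(self, blacklist=(), whitelist=()):
        self.blacklist, self.whitelist = set(blacklist), set(whitelist)
        self.complaints = {}

    def score(self, inv: Invite) -> int:
        """Step 4: derive the updated marking M2 from M1 and the filter results."""
        if inv.caller in self.blacklist:
            return 100
        if inv.caller in self.whitelist:
            return 0
        m2 = 50 if inv.m1 is None else inv.m1
        if inv.anonymous:
            m2 += 20
        if inv.captcha_passed is not None:
            m2 += -30 if inv.captcha_passed else 30
        if inv.device_state_validated:
            m2 -= 15
        m2 += AUTH_ADJUST.get(inv.identity_auth, AUTH_ADJUST["unknown"])
        return max(0, min(100, m2))

    def report_uc(self, caller: str) -> bool:
        """Steps 8 and 9: callee feedback changes the global settings."""
        self.complaints[caller] = self.complaints.get(caller, 0) + 1
        if self.complaints[caller] >= COMPLAINTS_TO_BLACKLIST:
            self.whitelist.discard(caller)
            self.blacklist.add(caller)
        return caller in self.blacklist


def route(inv: Invite, profile: RoutingProfile, puci: PuciAS):
    """Steps 2 to 6: the S-CSCF routing reaction. Returns (action, marking)."""
    if not profile.puci_enabled:
        return "deliver", inv.m1
    m2 = puci.score(inv)
    if m2 >= profile.drop_threshold:
        return "drop", m2
    if m2 >= profile.forward_threshold:
        return "forward:" + profile.forward_target, m2
    return "deliver", m2


def demo():
    """Run three constructed INVITEs through the flow."""
    puci = PuciAS(blacklist={"sip:bot@a.example"})
    profile = RoutingProfile()
    calls = [
        Invite("sip:bot@a.example"),
        Invite("sip:anon@c.example", anonymous=True),
        Invite("sip:alice@a.example", m1=60, captcha_passed=True,
               device_state_validated=True, identity_auth="IMS-AKA"),
    ]
    return [route(c, profile, puci) for c in calls]


if __name__ == "__main__":
    for action, marking in demo():
        print(action, marking)
```

Because the callee's thresholds live in the routing profile rather than in the scorer, two subscribers can react differently to the same M2.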
Figure 3 shows an exemplary call flow diagram of another embodiment of a method and apparatus for providing protection against UC. Figure 3 includes some of the elements of Figure 2, including UE A 210, S-CSCF 220, HSS 230, PUCI AS 240, and UE B 250. Figure 3 includes additional features from Figure 2, including the features at R1, R2, R3, 0, 1, 2, 3, and 4. Figure 3 also includes an offload component 345. As an example, the offload component 345 may be a third-party application server, such as a third-party PUCI AS 346 (not shown), or a supplementary service 347 (not shown). Examples of the supplementary service 347 may include, but are not limited to, the use of blacklists and/or whitelists, incoming call barring, anonymous call rejection, closed user groups, call diversion related to source identity, or malicious call identification.

At 55, processing requirements of the PUCI AS 240 may be offloaded to the third-party PUCI AS 346 or the supplementary service 347. At 56, the supplementary service 347 may be provided and/or the third-party PUCI AS 346 may provide filtering. The offloaded part may include an evaluation of the device state (see, e.g., 4). The device state evaluation results produced by the third-party PUCI AS 346 or the supplementary service 347 may be used to evaluate the validity of a malicious call identification (MCID) based on the INVITE message.

At 57, the value M2 may be sent to the PUCI AS 240 as part of a SIP INVITE message. At 58, the results from 4 and 6 may be combined into an updated marking M3. At 59, the value M3 may be sent to the S-CSCF 220 as part of a SIP INVITE message. At 60, the S-CSCF 220 may check the user settings and make a routing decision accordingly. The call may be sent to an answering machine or forwarded elsewhere. The call may be reverse routed to the caller (the user of UE A 210) or to UE A 210, and the reverse-routed call may be used to facilitate an evaluation of whether UE A 210 needs remediation to reach an acceptable device state.

At 61, the S-CSCF 220 may forward the SIP INVITE together with the marking (M3) to UE B 250. UE B 250 may report the communication as UC or may change its profile in the HSS 230. At 62, this information is sent from UE B 250 to the PUCI AS 240. At 63, based on the message from UE B 250, the PUCI AS 240 may modify the operator global settings, the subscriber profile, or both.

At 64, the PUCI AS 240 may send a Diameter Profile Update Request (PUR) to the HSS 230. At 65, the HSS 230 may respond with a Diameter Profile Update Answer (PUA).

At 66, the PUCI AS 240 may send a Diameter Profile Update Request (PUR) to the offload component 345. At 67, the offload component 345 may respond with a Diameter Profile Update Answer (PUA).

PUCI may include the use of a list of approved callers (e.g., a whitelist) and a list of disapproved callers (e.g., a blacklist). For example, the lists may include identifiers corresponding to callers or sending devices.

UC protection may be provided by using a blacklist and anonymous call rejection. Device validation checks may be used together with MCID checks. The blacklist (BL) may include incoming call barring (ICB) and may include the numbers of known sources. If the caller matches a BL entry, the call may be rejected and a rejection announcement may be played; otherwise the caller may be connected to the subscriber.

A UC source (e.g., a sending device) may use anonymity to hide its identity. Anonymous call rejection (ACR) may be used to block anonymous calls, avoiding anonymous UC. The rejection may be communicated to the callee through a rejection announcement. The combination of these two supplementary services may provide stronger SPIT/UC protection than either one alone. Anonymous call identification may include detecting unknown configurations.

The use of a whitelist and a consent mailbox (CMB) may be included. A whitelist with a consent mailbox may be implemented together with call diversion based on source identity (e.g., call forwarding).

If the caller matches a whitelist entry (e.g., the caller's identifier is on the whitelist), the caller may be connected to the callee. Otherwise, the caller may be redirected to the CMB. The caller may send a request to the callee to be added to the whitelist. The whitelist may require strong, authenticated identities or other protection against source spoofing, and may be used to avoid indirect attacks.

Figure 4 shows another embodiment of a method and apparatus for providing protection against UC. A sender/sending device, such as SPITter/subscriber A 401, may send a desired communication to subscriber B 403 via a receiving network, such as network 402. The network 402 may be a receiving network associated with subscriber B 403.

At 405, a communication may be sent (call B). The network 402 may compare an identifier, such as a telephone number, with a blacklist. The blacklist (BL) may include the supplementary service incoming call barring (ICB), and matching numbers may be rejected with a rejection announcement. A comparison with a whitelist (WL) may also be included at 415. At 490, callers matching an entry on the WL may be connected directly to subscriber B 403.

At 420, it may be determined whether the caller has a PIN. If so, at 425, SPITter/subscriber A 401 may enter the PIN. At 430, the network 402 may determine whether the entered PIN matches the expected PIN. If so, at 490, SPITter/subscriber A 401 may be connected to subscriber B 403. If not, SPITter/subscriber A 401 may be forwarded at 450 to the consent mailbox (CMB) and presented with a Turing test, such as an audio CAPTCHA test.

At 435, SPITter/subscriber A 401 may indicate that SPITter/subscriber A 401 does not have a PIN. In this case, SPITter/subscriber A 401 may be forwarded at 450 to the consent mailbox (CMB) and presented with a Turing test, such as an audio CAPTCHA test.

At 450, the consent mailbox may ask the user to enter a PIN identified in a message. For example, the voice mailbox may play a simple message such as "Please enter 334". The sender may understand the message and may physically key in the PIN digits, producing dual-tone multi-frequency (DTMF) detectable tones. If the entered PIN matches the played PIN, then at 490 the call/communication may be connected to subscriber B 403.

More complex Turing tests may be used. Such tests may include, for example, finding the solution to a mathematical problem. A complex Turing test may include a PIN that is identified in the message and encoded in such a way that it is difficult for speech recognition/translation systems to understand. The encoded message may not be so difficult to understand that callers are blocked.

At 432, anonymous communication rejection may be used to determine whether the caller is anonymous. If so, at 440, a rejection announcement may be made. At 416, a determination may be made as to whether a do-not-disturb condition exists. If so, at 440, a rejection announcement may be made.

At 417, a call diversion on source identity with time of day (CD_OIToD) feature may be implemented. For example, a time-of-day filter may be used together with the blacklist and/or whitelist.

Platform validation information (such as information in the form of simplified validation results) may be conveyed in IMS context information. This information may provide additional criteria for deciding how likely a communication is to be UC. Table 1 includes an exemplary list of context attributes for supplementing the existing information in IMS messages.

Table 1

Attribute | Type | Values | Description
(user identity strength) | Static | Unknown; IMS-AKA; SIP digest authentication; SIP digest authentication with TLS; GIBA; NBA; non-IMS verified subscriber; non-IMS unverified subscriber | Indicator of how trustworthy the presented source identity is. This may depend on the strength of the authentication method, and on the extent to which the subscription depends on a person or organization.
DeviceIdentityStrength (device identity strength) | Static | Unknown; IMEI; ESN; ... (other); AIK (TCG) | Strong identity binding.
CostCategory (cost category) | Static | Unknown; free; flat rate; charged (per minute or per call) | Communication cost indicator.
OriginNetwork | Static | Network | The network that originated the request.
OriginNetworkType (type) | Static | Unknown; IMS; PSTN/CS; Internet; TCG TNC | Category of the source network; different categories are assumed to be associated with different trustworthiness.
CallComplaintFraction (call complaint fraction) | Dynamic | | Fraction of calls (i.e., real-time communication) from a specific user that resulted in UC feedback.
MessagingComplaintFraction (message complaint fraction) | Dynamic | | Fraction of messages (non-real-time communication) from a specific user that resulted in UC feedback.

Figure 5 shows another embodiment of a method and apparatus for protection against UC in an exemplary non-IMS interconnection network. Figure 5 includes domain A 501, domain B 502, network C, and the Internet 504. Domain A 501 may be a non-IMS-compliant operator and may include border proxy 511 and 512. Domain B 502 may be an IMS-compliant operator and may include OI-CSCF 521 and WTRU 522. WTRU 512 in domain A 501 may send a desired communication to WTRU 522 in domain B 502.

UC protection for non-IMS interconnection may include an authentication phase in the sending domain. That is, in domain A 501, the sending UE may trigger an authentication/authorization phase with border proxy 511.

The notification phase may be similar to a "Hello" procedure between domain A 501 and domain B 502, in which domain B 502 is notified of the upcoming call. In this phase, domain B 502 may perform, for example, a return routability check to verify that the network information is valid and that the sender identity is claimed by domain A.

為了使用保證等級來驗證出現的資訊,域B 502可檢杳是 否能以域A 501給出的網路位址到達發送者。 Ο 可以使用支援標識基礎結構。支援標識基礎結構可以指 定標識種類’諸如鑒權強度’例如使用者名/密碼、加密 權杖、雙因數、基於硬體的、或者與硬體綁定的發送者 硬體資訊(裝置上經證明的硬體和軟體,完整性檢查責 任等等)°舉例來說’如果域A 501能將要求的發送者標 識解析(resolve)為真實的人或者帳户而使得真實的人 可以保持對要求的發送者標識負責,那麼域A 5〇1可驗證 發送者標識。 ' 域A 501可以將所收集的一組對鑒權的發送者標識的聲明 發送給域B 502。基於該接收到的資訊,作為接收網路的 基礎結構的域B 502可作出決定。例如,域b 502或者域 B 502中的單個使用者,可以指定來自經審權的發送者的 呼叫可被接文,其中所述經鑒權的發送者標識可被解析 為真實的人。該資訊可被編譯成發送者計分,這允許域B 5 0 2更容易地評估消息是U C的可能性。 取決於域A 501與域B 502之間是否存在共用的秘密可 099136134 對通知階段進行不同地處理。當從域A 表單編號A0101 第23頁/共43頁 501發送包括標藏 1003037344-0 201138494 (例如’標籤A)的通知消息給域B 502時,可以啟動該 通知階段。可以*WTRU 512或者服務WTRU 512的邊界 代理511來發送該通知消息。 以禁止雙倍花費以及再次使用標籤的方式,標籤可以得 到保護。標籤也可以是被綁定到發送者的硬體裝置的方 式為:其被限制於從用於鑒權域A 501中的發送者的相同 裝置發送。所述標籤也可與發送裝置(WTRU 512)知道 的秘密相關聯。域B 502隨後可質詢WTRU 512以證明擁 有這個秘密’以便接受標籤A。所述質詢可基於分發簽名In order to verify the presence of information using the assurance level, Domain B 502 can check if the network address given by Domain A 501 can reach the sender. Ο You can use the support identity infrastructure. The support identity infrastructure can specify the identity type 'such as authentication strength' such as username/password, encryption token, dual factor, hardware-based, or hardware-bound sender hardware information (provided on the device) Hardware and software, integrity check responsibility, etc.) For example, 'If domain A 501 can resolve the required sender ID to a real person or account so that the real person can keep the request The sender ID is responsible, then domain A 5〇1 verifies the sender ID. 'Domain A 501 can send a collection of a set of claims for the identity of the authenticated sender to Domain B 502. Based on the received information, Domain B 502, which is the infrastructure of the receiving network, can make a decision. For example, a single user in domain b 502 or domain B 502 can specify that a call from an authenticated sender can be received, wherein the authenticated sender identification can be resolved to a real person. 
This information can be compiled into a sender score, which allows domain B 502 to more easily assess the likelihood that the message is UC. The notification phase is handled differently depending on whether there is a shared secret between domain A 501 and domain B 502. The notification phase can be initiated when a notification message including the tag (e.g., tag A) is sent from domain A 501 to domain B 502. The notification message may be sent by WTRU 512 or by the border agent 511 serving WTRU 512. Tags can be protected against double spending and reuse. The tag may also be bound to the sender's hardware device: it is restricted to being sent from the same device that the sender used for authentication in domain A 501. The tag may also be associated with a secret known to the sending device (WTRU 512). Domain B 502 can then challenge WTRU 512 to prove possession of this secret in order to accept tag A. The challenge can be based on distributing a signing key to WTRU 512, which WTRU 512 can use to sign the tag-verification challenge from domain B 502. WTRU 512 may use a zero-knowledge proof to prove possession of the tag, for tag validity between receiving domain B 502 and the sending device WTRU 512.

A notification request can be easier to process than an invite request. For the call session control function OI-CSCF 521 in domain B 502, notification processing can be stateless. A notification request may not cause media ports to be reserved or opened, as may be the case for an invite request with an SDP payload. Domain B 502 can use the notification phase to convey certain challenges that are to be solved by the sending device WTRU 512 or the border agent 511 in domain A 501.

The challenge can be sent to WTRU 512 as well as to border agent 511. If domain B 502 can send the challenge directly to WTRU 512, it may do so. Otherwise, the challenge can be forwarded to WTRU 512 via border agent 511. For the receiving network (domain B 502) to trust a particular sending agent such as border agent 511, domain A 501 may send domain B 502 certain verifiable information about the trustworthiness of that sending agent, and may send verifiable information claiming that WTRU 512 will reach domain B 502 through this particular sending agent. WTRU 512 may answer part of the challenge directly, while other parts may be answered by border agent 511. The challenge can provide receiving domain B 502 with evidence that WTRU 512 is registered in domain A 501, that domain A 501 directly authenticated WTRU 512 and the sender identity, that the caller initiated the call through WTRU 512, or that WTRU 512 is in a known, provable device state. The challenge can resist replay attacks by using, for example, a timestamp, a nonce, or both issued by border agent 511.
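The notification-phase challenge described above, as an added sketch that is not code from the patent: domain B issues a nonce and timestamp, the sending device proves possession of the secret tied to its tag, and domain B rejects replayed answers, stale answers and reused tags. HMAC-SHA256 stands in for the signature, the verifier is assumed to hold the tag secret, and all names, secrets and the 30-second window are assumptions.

```python
import hashlib
import hmac
import secrets
import time

MAX_AGE_SECONDS = 30  # assumed freshness window; the page gives no value


def proof_for(tag_secret, tag, nonce, ts):
    """Sender side: MAC over the tag, nonce and timestamp of one challenge."""
    msg = f"{tag}|{nonce}|{ts}".encode()
    return hmac.new(tag_secret, msg, hashlib.sha256).hexdigest()


class ReceivingDomain:
    """Receiving-network side (domain B); class and method names are hypothetical."""

    def __init__(self, tag_secrets, now=time.time):
        self._tag_secrets = dict(tag_secrets)  # tag -> secret bound to the sending device
        self._pending = {}                     # nonce -> (tag, issued_at)
        self._spent_tags = set()               # tags that were already accepted once
        self._now = now

    def issue_challenge(self, tag):
        nonce = secrets.token_hex(16)
        issued_at = int(self._now())
        self._pending[nonce] = (tag, issued_at)
        return {"tag": tag, "nonce": nonce, "ts": issued_at}

    def verify(self, tag, nonce, proof):
        entry = self._pending.pop(nonce, None)  # a nonce is answered at most once
        if entry is None:
            return "unknown-or-replayed-nonce"
        challenged_tag, issued_at = entry
        if challenged_tag != tag:
            return "tag-mismatch"
        if self._now() - issued_at > MAX_AGE_SECONDS:
            return "stale"
        if tag in self._spent_tags:
            return "tag-already-spent"          # double spending of a tag
        secret = self._tag_secrets.get(tag)
        if secret is None:
            return "unknown-tag"
        expected = proof_for(secret, tag, nonce, issued_at)
        if not hmac.compare_digest(expected, proof):
            return "bad-proof"                  # sender does not hold the tag secret
        self._spent_tags.add(tag)
        return "accepted"


def run_demo():
    """Constructed scenario with a fake clock; secrets and tags are sample values."""
    clock = [1000.0]
    secret_a = b"constructed-secret-for-tag-A"
    secret_b = b"constructed-secret-for-tag-B"
    domain_b = ReceivingDomain({"tag-A": secret_a, "tag-B": secret_b},
                               now=lambda: clock[0])
    results = []

    c = domain_b.issue_challenge("tag-A")
    p = proof_for(secret_a, c["tag"], c["nonce"], c["ts"])
    results.append(domain_b.verify(c["tag"], c["nonce"], p))   # first use
    results.append(domain_b.verify(c["tag"], c["nonce"], p))   # same answer replayed

    c = domain_b.issue_challenge("tag-A")                      # tag reused later
    p = proof_for(secret_a, c["tag"], c["nonce"], c["ts"])
    results.append(domain_b.verify(c["tag"], c["nonce"], p))

    c = domain_b.issue_challenge("tag-B")
    p = proof_for(secret_b, c["tag"], c["nonce"], c["ts"])
    clock[0] += MAX_AGE_SECONDS + 1                            # answer arrives too late
    results.append(domain_b.verify(c["tag"], c["nonce"], p))

    c = domain_b.issue_challenge("tag-B")
    p = proof_for(b"wrong-secret", c["tag"], c["nonce"], c["ts"])
    results.append(domain_b.verify(c["tag"], c["nonce"], p))   # no proof of possession
    return results


if __name__ == "__main__":
    print(run_demo())
```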

If the notification phase is passed successfully, the OI-CSCF 521 in domain B 502 can decide whether to authorize the incoming call. The decision can be based on one or more of the following: a whitelist; a blacklist; user preferences (e.g., no calls allowed after 10 pm); a sender score; verification of the authenticated sender identity by given proof from domain A 501; and verification of the integrity of WTRU 512, either by a direct challenge for validation or by a challenge for an attested integrity check inside domain A 501 (which can then be checked by the OI-CSCF 521 of domain B 502). The decision can be to reject the call, to send the call to a mailbox or a SPIT analysis system, or finally to accept the call.

If domain B 502 allows the call, OI-CSCF 521 can generate a token for this particular call and pass it to domain A 501. The token can be passed explicitly, or implicitly through parameters that enable domain A 501 to derive the actual token from information shared with domain B 502. The token can be protected against multiple spending, for example by using a spending-tracking counter, a nonce, or both, and can carry indicators of freshness and integrity, such as a timestamp and a signature.

If the token carries personal information about the caller or the callee, it needs to be kept confidential. The token can be protected against eavesdropping and misuse by another device. The token can be bound to the receiving device, e.g., WTRU 522. This can include issuing a suitable key to domain B 502, or, if domain B 502 trusts domain A 501, domain B 502 can wrap the token for the gateway of domain A 501 and encrypt the key for WTRU 512. The OI-CSCF 521 in domain B 502, and the border agent 511 in domain A 501 with the agent that sends the invite request, can pass the token to the functional entity in domain B 502 that is to receive the corresponding invite request.

Where there is no shared secret between domain A 501 and domain B 502, the border agent 511 in domain A 501 can create the tag during the authorization/authentication phase. The tag can carry additional information about the sending device, such as a device certificate, a device state statement, or device software or hardware certificates. Domain B 502 can verify the information carried in the tag through a trusted third party. Device-related information that can be verified and checked directly by the receiving network (domain B 502) may be included.

Network C 503 can be used to illustrate a roaming case. The sending entity may not be in domain A 501. For example, the sending entity may be in network C 503 and may have a network address in a network that does not belong to domain A 501. In that case, the sending entity can connect to border agent 511 through the Internet.

Figure 6 is a diagram of an example communication system 600 in which one or more of the disclosed embodiments may be implemented. Communication system 600 may be a multiple access system that provides content such as voice, data, video, instant messaging, and broadcast to multiple wireless users. Communication system 600 enables multiple wireless users to access such content by sharing system resources, including wireless bandwidth. For example, communication system 600 may employ one or more channel access methods, such as code division multiple access (CDMA), time division multiple access (TDMA), frequency division multiple access (FDMA), orthogonal FDMA (OFDMA), single-carrier FDMA (SC-FDMA), and the like.

As shown in Figure 6, communication system 600 may include wireless transmit/receive units (WTRUs) 602a, 602b, 602c, 602d, a radio access network (RAN) 604, a core network 606, a public switched telephone network (PSTN) 608, the Internet 610, and other networks 612, though it should be understood that the disclosed embodiments contemplate any number of WTRUs, base stations, networks, and/or network elements, which may include, but are not limited to, relay nodes, gateways, femtocell base stations, set-top boxes, and the like. Each of the WTRUs 602a, 602b, 602c, 602d may be any type of device configured to operate and/or communicate in a wireless environment. For example, the WTRUs 602a, 602b, 602c, 602d may be configured to transmit and receive wireless signals and may include user equipment (UE), a mobile station, a fixed or mobile subscriber unit, a pager, a mobile phone, a personal digital assistant (PDA), a smartphone, a laptop, an e-book, a personal computer, a wireless sensor, consumer electronics, and the like.

Communication system 600 may also include a base station 614a and a base station 614b. Each of the base stations 614a, 614b may be any type of device configured to wirelessly interface with at least one of the WTRUs 602a, 602b, 602c, 602d to facilitate access to one or more communication networks, such as core network 606, the Internet 610, and/or networks 612. For example, the base stations 614a, 614b may be a base transceiver station (BTS), a Node-B, an eNode B, a Home Node B, a Home eNode B, a site controller, an access point (AP), a wireless router, a wireless-capable set-top box, a wireless-capable home gateway, a relay node, and the like. While each of the base stations 614a, 614b is depicted as a single element, it should be understood that the base stations 614a, 614b may include any number of interconnected base stations and/or network elements.

Base station 614a may be part of RAN 604, which may also include other base stations and/or network elements (not shown), such as a base station controller (BSC), a radio network controller (RNC), relay nodes, and the like. Base station 614a and/or base station 614b may be configured to transmit and/or receive wireless signals within a particular geographic region referred to as a cell (not shown). The cell may be further divided into cell sectors. For example, the cell associated with base station 614a may be divided into three sectors. Thus, in one embodiment, base station 614a may include three transceivers, i.e., one for each sector of the cell. In another embodiment, base station 614a may employ multiple-input multiple-output (MIMO) technology and may therefore use multiple transceivers for each sector of the cell.

The base stations 614a, 614b may communicate with one or more of the WTRUs 602a, 602b, 602c, 602d over an air interface 616, which may be any suitable wireless communication link (e.g., radio frequency (RF), microwave, infrared (IR), ultraviolet (UV), visible light, etc.). The air interface 616 may be established using any suitable radio access technology (RAT).

More specifically, as noted above, communication system 600 may be a multiple access system and may employ one or more channel access schemes, such as CDMA, TDMA, FDMA, OFDMA, SC-FDMA, and the like. For example, base station 614a in RAN 604 and WTRUs 602a, 602b, 602c may implement a radio technology such as Universal Mobile Telecommunications System (UMTS) Terrestrial Radio Access (UTRA), which may establish the air interface 616 using wideband CDMA (WCDMA). WCDMA may include communication protocols such as High-Speed Packet Access (HSPA) and/or Evolved HSPA (HSPA+). HSPA may include High-Speed Downlink Packet Access (HSDPA) and/or High-Speed Uplink Packet Access (HSUPA).

In another embodiment, base station 614a and WTRUs 602a, 602b, 602c may implement a radio technology such as Evolved UMTS Terrestrial Radio Access (E-UTRA), which may establish the air interface 616 using Long Term Evolution (LTE) and/or LTE-Advanced (LTE-A).

In other embodiments, base station 614a and WTRUs 602a, 602b, 602c may implement radio technologies such as IEEE 802.16 (i.e., Worldwide Interoperability for Microwave Access (WiMAX)), CDMA2000, CDMA2000 1X, CDMA2000 EV-DO, Interim Standard 2000 (IS-2000), Interim Standard 95 (IS-95), Interim Standard 856 (IS-856), Global System for Mobile communications (GSM), Enhanced Data rates for GSM Evolution (EDGE), GSM EDGE (GERAN), and the like.

Base station 614b in Figure 6 may be, for example, a wireless router, a Home Node B, a Home eNode B, or an access point, and may use any suitable RAT to facilitate wireless connectivity in a localized area such as a place of business, a home, a vehicle, a campus, and the like. In one embodiment, base station 614b and WTRUs 602c, 602d may implement a radio technology such as IEEE 802.11 to establish a wireless local area network (WLAN). In another embodiment, base station 614b and WTRUs 602c, 602d may implement a radio technology such as IEEE 802.15 to establish a wireless personal area network (WPAN). In yet another embodiment, base station 614b and WTRUs 602c, 602d may use a cellular-based RAT (e.g., WCDMA, CDMA2000, GSM, LTE, LTE-A, etc.) to establish a picocell or femtocell. As shown in Figure 6, base station 614b may have a direct connection to the Internet 610. Thus, base station 614b may not need to access the Internet 610 via core network 606.

RAN 604 may communicate with core network 606, which may be any type of network configured to provide voice, data, applications, and/or voice over Internet protocol (VoIP) services to one or more of the WTRUs 602a, 602b, 602c, 602d. For example, core network 606 may provide call control, billing services, mobile location-based services, prepaid calling, Internet connectivity, video distribution, etc., and/or perform high-level security functions such as user authentication. Although not shown in Figure 6, it should be understood that RAN 604 and/or core network 606 may communicate directly or indirectly with other RANs that employ the same RAT as RAN 604 or a different RAT. For example, in addition to being connected to RAN 604, which employs E-UTRA radio technology, core network 606 may also communicate with another RAN (not shown) employing GSM radio technology.

Core network 606 may also serve as a gateway for the WTRUs 602a, 602b, 602c, 602d to access PSTN 608, the Internet 610, and/or other networks 612. PSTN 608 may include circuit-switched telephone networks that provide plain old telephone service (POTS). The Internet 610 may include a global system of interconnected computer networks and devices that use common communication protocols, such as the Transmission Control Protocol (TCP), the User Datagram Protocol (UDP), and the Internet Protocol (IP) in the TCP/IP Internet protocol suite. Networks 612 may include wired or wireless communication networks owned and/or operated by other service providers. For example, networks 612 may include another core network connected to one or more RANs, which may employ the same RAT as RAN 604 or a different RAT.

Some or all of the WTRUs 602a, 602b, 602c, 602d in communication system 600 may include multi-mode capabilities, i.e., the WTRUs 602a, 602b, 602c, 602d may include multiple transceivers for communicating with different wireless networks over different wireless links. For example, WTRU 602c shown in Figure 6 may be configured to communicate with base station 614a, which may employ a cellular-based radio technology, and with base station 614b, which may employ an IEEE 802 radio technology.

Although the features and elements of the present invention are described in particular combinations, each feature or element can be used alone without the other features and elements, or in various combinations with or without other features and elements. The methods or flow charts provided herein may be implemented in a computer program, software, or firmware executed by a general-purpose computer or processor, where the computer program, software, or firmware is embodied in a computer-readable storage medium. Examples of computer-readable storage media include read-only memory (ROM), random access memory (RAM), registers, cache memory, semiconductor memory devices, magnetic media such as internal hard disks and removable disks, magneto-optical media, and optical media such as CD-ROM discs and digital versatile discs (DVDs).

Suitable processors include, by way of example, a general-purpose processor, a special-purpose processor, a conventional processor, a digital signal processor (DSP), a plurality of microprocessors, one or more microprocessors in association with a DSP core, a controller, a microcontroller, application-specific integrated circuits (ASICs), application-specific standard products (ASSPs), field-programmable gate array (FPGA) circuits, any other type of integrated circuit (IC), and/or a state machine.

A processor in association with software may be used to implement a radio frequency transceiver for use in a wireless transmit/receive unit (WTRU), user equipment (UE), terminal, base station, Mobility Management Entity (MME) or Evolved Packet Core (EPC), or any host computer. The WTRU may be used in conjunction with modules implemented in hardware and/or software, including a software-defined radio (SDR), and other components such as a camera, a video camera module, a videophone, a speakerphone, a vibration device, a speaker, a microphone, a television transceiver, a hands-free headset, a keyboard, a Bluetooth® module, a frequency modulated (FM) radio unit, a near field communication (NFC) module, a liquid crystal display (LCD) display unit, an organic light-emitting diode (OLED) display unit, a digital music player, a media player, a video game player module, an Internet browser, and/or any wireless local area network (WLAN) or ultra-wideband (UWB) module.

[Brief Description of the Drawings]

[0005] The invention can be understood in more detail from the following description, given by way of example in conjunction with the accompanying drawings, in which:
Figure 1 is a functional block diagram of an exemplary wireless transmit/receive unit;
Figure 2 shows an exemplary call flow diagram of an embodiment of a method and apparatus for providing protection against UC;
Figure 3 shows an exemplary call flow diagram of another embodiment of a method and apparatus for providing protection against UC;
Figure 4 shows another embodiment of a method and apparatus for providing protection against UC;
Figure 5 shows another embodiment of a method and apparatus for protection against UC in an exemplary non-IMS interconnected network; and
Figure 6 is a system diagram of an example communication system in which one or more of the disclosed embodiments may be implemented.

[Description of Main Reference Symbols]

[0006]
ACR: anonymous call rejection
BL: blacklist
CAPTCHA: audio
CD_OI ToD: call transfer
HSS: home subscriber server
ICB: incoming call barring
IMS: IP multimedia subsystem
PSTN, 608: public switched telephone network
PUA: Diameter message Profile-Update-Answer
PUCI: protection against unsolicited communication (UC)
PUCI AS: PUCI application server
PUR: Diameter message Profile-Update-Request
RAN, 604: radio access network
S-CSCF: serving call session control function
SPIT: spam over IP telephony
TrM, 120: trusted module
UE A, UE B: user equipment
WL: whitelist
WTRU, 100, 512, 522, 602a, 602b, 602c, 602d: wireless transmit/receive unit
110: processor
112: memory
114: transceiver
116: battery
118: antenna
401, 403: subscriber
402: network
501: domain A
502: domain B
503: network C
504, 610: Internet
511: border agent
521: OI-CSCF
600: communication system
606: core network
612: other networks
614a, 614b: base station
616: air interface

Claims (1)

VII. Scope of the patent application:

1. A method for avoiding delivery of an unsolicited communication, the method comprising: receiving a communication from a sending device, wherein the communication is to be delivered to a receiving device; determining authentication information related to the communication; and sending the authentication information to at least one of a receiving network or the receiving device, wherein the authentication information can be evaluated to determine whether the communication is unsolicited.

2. The method of claim 1, wherein determining authentication information includes determining a strong sender identity associated with the sending device.

3. The method of claim 2, wherein the strong sender identity includes a network-asserted identity.

4. The method of claim 2, wherein the strong sender identity cannot be manipulated by a sender of the communication.

5. The method of claim 1, wherein the authentication information includes state information related to a health state of the sending device.

6. The method of claim 5, wherein the health state relates to an antivirus status on the sending device.

7. The method of claim 5, further comprising at least one of: removing malware from the sending device; or removing malware from a network element associated with the sending device.

8. A method for avoiding delivery of an unsolicited communication, the method comprising: receiving authentication information from at least one of a sending device or a sending network; and determining from the authentication information whether a communication associated with the authentication information is unsolicited.

9. The method of claim 8, wherein the authentication information includes a strong sender identity associated with the sending device.

10. The method of claim 9, wherein the strong sender identity includes a network-asserted identity.

11. The method of claim 9, wherein the strong sender identity cannot be manipulated by a sender of the communication.

12. The method of claim 9, wherein the strong sender identity is bound to the sending device and cannot be used with another device.

13. The method of claim 9, further comprising collecting sender identity information and creating a combined score related to the sender identity information, wherein the combined score can be used to assess the trustworthiness of the sending device.

14. The method of claim 9, further comprising receiving a combined score and storing the combined score in a trusted environment on the sending device, wherein the combined score can be reused by the sending device and cannot be used by other devices.

15. The method of claim 8, wherein the authentication information includes state information related to a health state of the sending device.

16. A method for avoiding delivery of an unsolicited communication, the method comprising: performing a test to determine whether a communication associated with a sending device is unsolicited; determining, based on the test, whether the communication is unsolicited; upon determining that the communication is unsolicited, rejecting a connection related to the communication, wherein the rejecting is performed by at least one of a receiving network or a receiving device; and upon determining that the communication is acceptable, allowing the connection related to the communication, wherein the allowing is performed by at least one of a receiving network or a receiving device.

17. The method of claim 16, wherein the test includes comparing an identifier associated with the sending device with at least one of: a list of approved identifiers or a list of unapproved identifiers.

18. The method of claim 16, wherein the test includes a Turing test.

19. The method of claim 16, wherein the test includes using at least one of the following to determine that a state of the sending device is acceptable: an internal application server or a third-party application server.

20. The method of claim 16, wherein the test includes verifying an address of the sending device.

21. The method of claim 20, wherein the test further includes determining at least one of: authentication strength, the presence of attested hardware on the sending device, the presence of attested software on the sending device, or accountability related to a claimed sender identity.

22. The method of claim 16, wherein the test includes: sending a challenge to the sending device; receiving a response from the sending device; and evaluating the response to verify an identity of a sender.
TW099136134A 2009-10-23 2010-10-22 Protection against unsolicited communication TW201138494A (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US25461009P 2009-10-23 2009-10-23

Publications (1)

Publication Number Publication Date
TW201138494A true TW201138494A (en) 2011-11-01

Family

ID=43302539

Family Applications (1)

Application Number Title Priority Date Filing Date
TW099136134A TW201138494A (en) 2009-10-23 2010-10-22 Protection against unsolicited communication

Country Status (3)

Country Link
US (1) US9762583B2 (en)
TW (1) TW201138494A (en)
WO (1) WO2011050235A1 (en)

Families Citing this family (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8630283B1 (en) * 2010-03-05 2014-01-14 Sprint Communications Company L.P. System and method for applications based on voice over internet protocol (VoIP) Communications
WO2012027706A1 (en) * 2010-08-26 2012-03-01 Interdigital Patent Holdings, Inc. Method and device for preventing unsolicited communications
US8978100B2 (en) * 2011-03-14 2015-03-10 Verizon Patent And Licensing Inc. Policy-based authentication
US20130006626A1 (en) * 2011-06-29 2013-01-03 International Business Machines Corporation Voice-based telecommunication login
CN103891329B (en) * 2011-10-25 2017-11-28 诺基亚技术有限公司 Method for protected host configuration message
CN103856389B (en) * 2012-12-03 2017-04-12 腾讯科技(深圳)有限公司 Method for creating instant messaging discussion group, system, clients and server
US9881325B1 (en) 2012-12-18 2018-01-30 Google Llc Real-time provision of ratings information and crowd-sourcing of ratings and reviews
US20140259145A1 (en) * 2013-03-08 2014-09-11 Barracuda Networks, Inc. Light Weight Profiling Apparatus Distinguishes Layer 7 (HTTP) Distributed Denial of Service Attackers From Genuine Clients
US9578508B2 (en) 2013-03-13 2017-02-21 Qualcomm Incorporated Method and apparatus for wireless device countermeasures against malicious infrastructure
CN104158791A (en) * 2013-05-14 2014-11-19 北大方正集团有限公司 Safe communication authentication method and system in distributed environment
US9307409B2 (en) * 2013-12-27 2016-04-05 Intel Corporation Apparatus, system and method of protecting domains of a multimode wireless radio transceiver
WO2015134954A1 (en) * 2014-03-07 2015-09-11 Dialogtech Inc. Phone fraud deterrence system for use with toll free and other fee generating numbers
US10666649B2 (en) * 2016-04-01 2020-05-26 Intel Corporation Negotiating trust degradation for a central entity by peers lacking direct communication with one another
US10469526B2 (en) * 2016-06-06 2019-11-05 Paypal, Inc. Cyberattack prevention system
US10887768B2 (en) * 2016-07-13 2021-01-05 T-Mobile Usa, Inc. Mobile traffic redirection system
US10027816B2 (en) 2016-08-03 2018-07-17 Pindrop Security, Inc. Call authentication using call forwarding
US10242207B2 (en) * 2016-09-17 2019-03-26 International Business Machines Corporation Technology for confidentiality advising
US10652390B2 (en) * 2017-04-17 2020-05-12 Aaron Cohen Call authentication system and method for blocking unwanted calls
WO2019032920A1 (en) * 2017-08-09 2019-02-14 Fast Thomas James System and method for secure crowdsourced data updates
US11044356B2 (en) * 2018-01-29 2021-06-22 Global Business Software Development Technologies, Inc. Active call verification to prevent falsified caller information
US11722595B2 (en) * 2019-02-04 2023-08-08 Comcast Cable Communications, Llc Systems and methods for processing calls
US11277264B2 (en) * 2019-04-04 2022-03-15 Cisco Technology, Inc. Applying attestation tokens to the intermediate system to intermediate system (ISIS) routing protocol
US10893414B1 (en) * 2019-10-07 2021-01-12 T-Mobile Usa, Inc. Selective attestation of wireless communications
EP4104402B1 (en) * 2020-02-11 2023-11-01 Telefonaktiebolaget Lm Ericsson (Publ) Internet protocol multimedia subsystem node, server node and methods in a communications network
US11330098B1 (en) 2020-11-06 2022-05-10 Sevis Systems, Llc System and method for enabling trusted caller identity and spoofed call prevention
AU2021218220A1 (en) * 2021-08-20 2023-03-09 Leslie Crampton System for vetting communications being sent to a person’s communication device

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030204569A1 (en) * 2002-04-29 2003-10-30 Michael R. Andrews Method and apparatus for filtering e-mail infected with a previously unidentified computer virus
US7373660B1 (en) * 2003-08-26 2008-05-13 Cisco Technology, Inc. Methods and apparatus to distribute policy information
US20050132060A1 (en) * 2003-12-15 2005-06-16 Richard Mo Systems and methods for preventing spam and denial of service attacks in messaging, packet multimedia, and other networks
EP1743449B1 (en) * 2004-05-03 2013-08-14 Nokia Corporation Handling of identities in a trust domain of an ip network
US9160755B2 (en) * 2004-12-21 2015-10-13 Mcafee, Inc. Trusted communication network
US8682979B2 (en) * 2005-07-01 2014-03-25 Email2 Scp Solutions Inc. Secure electronic mail system
US8503462B2 (en) * 2008-03-14 2013-08-06 Telefonaktiebolaget L M Ericsson (Publ) Method and apparatus for remote access to a local network

Also Published As

Publication number Publication date
US20110265153A1 (en) 2011-10-27
US9762583B2 (en) 2017-09-12
WO2011050235A1 (en) 2011-04-28
